Encrypted password question
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
1
down vote
favorite
I noticed in the html of my router this parameter:
form.addParameter('Password', base64encode(SHA256(Password.value)));
So when I type in the password passw
I get this via sslstrip
:
2018-09-25 21:13:31,605 POST Data (192.168.1.1):
Username=acc&Password=ZTQ1ZDkwOTU3ZWVjNzM4NzcyNmM2YTFiMTc0ZGE3YjU2NmEyNGZmNGNiMDYwZGNiY2RmZWJiOTMxYTkzZmZlMw%3D%3D
Is this hash easy to crack via bruteforce/dictionary? I am still a beginner, but that looks like double encryption to me.
Also, is there some faster way of getting this password than cracking it?
encryption passwords
New contributor
add a comment |Â
up vote
1
down vote
favorite
I noticed in the html of my router this parameter:
form.addParameter('Password', base64encode(SHA256(Password.value)));
So when I type in the password passw
I get this via sslstrip
:
2018-09-25 21:13:31,605 POST Data (192.168.1.1):
Username=acc&Password=ZTQ1ZDkwOTU3ZWVjNzM4NzcyNmM2YTFiMTc0ZGE3YjU2NmEyNGZmNGNiMDYwZGNiY2RmZWJiOTMxYTkzZmZlMw%3D%3D
Is this hash easy to crack via bruteforce/dictionary? I am still a beginner, but that looks like double encryption to me.
Also, is there some faster way of getting this password than cracking it?
encryption passwords
New contributor
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I noticed in the html of my router this parameter:
form.addParameter('Password', base64encode(SHA256(Password.value)));
So when I type in the password passw
I get this via sslstrip
:
2018-09-25 21:13:31,605 POST Data (192.168.1.1):
Username=acc&Password=ZTQ1ZDkwOTU3ZWVjNzM4NzcyNmM2YTFiMTc0ZGE3YjU2NmEyNGZmNGNiMDYwZGNiY2RmZWJiOTMxYTkzZmZlMw%3D%3D
Is this hash easy to crack via bruteforce/dictionary? I am still a beginner, but that looks like double encryption to me.
Also, is there some faster way of getting this password than cracking it?
encryption passwords
New contributor
I noticed in the html of my router this parameter:
form.addParameter('Password', base64encode(SHA256(Password.value)));
So when I type in the password passw
I get this via sslstrip
:
2018-09-25 21:13:31,605 POST Data (192.168.1.1):
Username=acc&Password=ZTQ1ZDkwOTU3ZWVjNzM4NzcyNmM2YTFiMTc0ZGE3YjU2NmEyNGZmNGNiMDYwZGNiY2RmZWJiOTMxYTkzZmZlMw%3D%3D
Is this hash easy to crack via bruteforce/dictionary? I am still a beginner, but that looks like double encryption to me.
Also, is there some faster way of getting this password than cracking it?
encryption passwords
encryption passwords
New contributor
New contributor
edited 2 hours ago
schroederâ¦
65.4k25139176
65.4k25139176
New contributor
asked 2 hours ago
MyWays
82
82
New contributor
New contributor
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
3
down vote
accepted
It's a base64 unsalted sha256 hash. It's not double encryption, but a not needed encoding.
An unsalted hash means it's trivial to just search the hash on Google and probably it will find the result.
Only trivial if the password is common.
â zaph
1 hour ago
1
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Trye88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.
â zaph
7 mins ago
add a comment |Â
up vote
2
down vote
I URL decoded it, then decoded it from base64, then passed it to an online hash database.
The result was:
Hash Type Result
e45d90957eec7387726c6a1b174da7b566a24ff4cb060dcbcdfebb931a93ffe3 sha256 passw
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
accepted
It's a base64 unsalted sha256 hash. It's not double encryption, but a not needed encoding.
An unsalted hash means it's trivial to just search the hash on Google and probably it will find the result.
Only trivial if the password is common.
â zaph
1 hour ago
1
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Trye88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.
â zaph
7 mins ago
add a comment |Â
up vote
3
down vote
accepted
It's a base64 unsalted sha256 hash. It's not double encryption, but a not needed encoding.
An unsalted hash means it's trivial to just search the hash on Google and probably it will find the result.
Only trivial if the password is common.
â zaph
1 hour ago
1
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Trye88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.
â zaph
7 mins ago
add a comment |Â
up vote
3
down vote
accepted
up vote
3
down vote
accepted
It's a base64 unsalted sha256 hash. It's not double encryption, but a not needed encoding.
An unsalted hash means it's trivial to just search the hash on Google and probably it will find the result.
It's a base64 unsalted sha256 hash. It's not double encryption, but a not needed encoding.
An unsalted hash means it's trivial to just search the hash on Google and probably it will find the result.
answered 2 hours ago
ThoriumBR
17.7k44264
17.7k44264
Only trivial if the password is common.
â zaph
1 hour ago
1
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Trye88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.
â zaph
7 mins ago
add a comment |Â
Only trivial if the password is common.
â zaph
1 hour ago
1
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Trye88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.
â zaph
7 mins ago
Only trivial if the password is common.
â zaph
1 hour ago
Only trivial if the password is common.
â zaph
1 hour ago
1
1
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
I meant "is trivial to search", not to find the password. But to bruteforce SHA256 using any bitcoin ASIC is trivial too. A Dragonmint 16T can do 16TH/s and would bruteforce a 12 chars alphanumeric password in less than 100 hours. A 8 chars alphanumeric would fail in a tenth of a second...
â ThoriumBR
53 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Try
e88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.â zaph
7 mins ago
Sure a Dragonmint is fast and specialized hardware. That is why using SHA256 is not secure for passwords, what is needed is a slow method such as PBKDF2, Argon2i or comparable methods, these are slow and should be used with parameters to require about 100ms or CPU time and additionally Argon2i requires substantial memory as well. Try
e88f244abd61582387cc2afc0476e112550f24395cdf338ed7ad7deace2e6ebe
, it is a the SHA-256 hash of a 12 character password.â zaph
7 mins ago
add a comment |Â
up vote
2
down vote
I URL decoded it, then decoded it from base64, then passed it to an online hash database.
The result was:
Hash Type Result
e45d90957eec7387726c6a1b174da7b566a24ff4cb060dcbcdfebb931a93ffe3 sha256 passw
add a comment |Â
up vote
2
down vote
I URL decoded it, then decoded it from base64, then passed it to an online hash database.
The result was:
Hash Type Result
e45d90957eec7387726c6a1b174da7b566a24ff4cb060dcbcdfebb931a93ffe3 sha256 passw
add a comment |Â
up vote
2
down vote
up vote
2
down vote
I URL decoded it, then decoded it from base64, then passed it to an online hash database.
The result was:
Hash Type Result
e45d90957eec7387726c6a1b174da7b566a24ff4cb060dcbcdfebb931a93ffe3 sha256 passw
I URL decoded it, then decoded it from base64, then passed it to an online hash database.
The result was:
Hash Type Result
e45d90957eec7387726c6a1b174da7b566a24ff4cb060dcbcdfebb931a93ffe3 sha256 passw
edited 53 mins ago
answered 2 hours ago
schroederâ¦
65.4k25139176
65.4k25139176
add a comment |Â
add a comment |Â
MyWays is a new contributor. Be nice, and check out our Code of Conduct.
MyWays is a new contributor. Be nice, and check out our Code of Conduct.
MyWays is a new contributor. Be nice, and check out our Code of Conduct.
MyWays is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194460%2fencrypted-password-question%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password